-
Notifications
You must be signed in to change notification settings - Fork 15k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: ensure the sandboxed preloads globals do not leak #17712
Conversation
e5f533a
to
fa8203c
Compare
fa8203c
to
0531d8b
Compare
Release Notes Persisted
|
@MarshallOfSound this is gonna need manual bp to |
I was unable to backport this PR to "5-0-x" cleanly; |
A maintainer has manually backported this PR to "5-0-x", please check out #17830 |
A maintainer has manually backported this PR to "5-0-x", please check out #17830 |
Description of Change
This PR re-adds the preload wrapping we used to have for sandboxed renderers that was accidentally removed as part of C71. It takes a different approach partially due to API changes in node and partially for performance reasons. Instead of wrapping the script at runtime, we wrap the scripts at build time.
This PR enables the
--standalone
flag for our browserify builds and then wraps the scripts with a fakemodule: { exports }
. Standalone will ensure nothing leaks and the fake exports will ensure that nothing gets injected onto thewindow
object 馃憤Release Notes
Notes: Fixed issue where sandboxed renderers could sometimes leak globals outside of the preload script